Who should attend
Splunk administrators.
Prerequisites
Required:
- Splunk Fundamentals 1
- Splunk Fundamentals 2
- Splunk System Administration
- Splunk Data Administration
Note: For Splunk Cloud customers, Splunk Cloud Administration can replace Splunk System Administration and Splunk Data Administration.
Recommended:
- Architecting Splunk Enterprise Deployments
Course Objectives
This 13.5-hour course prepares architects and systems administrators to install, configure and manage Splunk Enterprise Security. It covers ES event processing and normalization, deployment requirements, technology add-ons, settings, risk analysis settings, threat intelligence and protocol intelligence configuration, and customizations.
Course Content
- Identify normal ES use cases
- Examine deployment requirements for typical ES installs
- Learn how to install ES and gather information for lookups
- Learn the steps for setting up inputs using technology add-ons
- Create custom correlation searches
- Configure ES risk analysis, threat and protocol intelligence
- Fine-tune ES settings and other customizations